JVM flag -Dcoldfusion.searchimplicitscopes

Forum|Forum|1 year ago
March 29, 2024
2 replies
522 views

Hi,

Adobe writes:

The JVM flag -Dcoldfusion.searchimplicitscopes will be removed in the next major release of ColdFusion, hence disallowing searching of an unscoped variable in the implicit scopes. This may require application code changes.

We are currently on Coldfusion2021. Does "next major release of ColdFusion" mean something like Coldfusion2025 or some other version than Coldfusion2021 and until we upgrade to that version we can continue to use the flag?

This topic has been closed for replies.

Charlie Arehart

Community Expert

Adding to Dave's always helpful answers: yes, the verbiage is confusing, and yes the jvm arg will work in cf2023 (and does now, along with cf2021, after this month's update). But no, or will not work in the next release they come out with.

That could be cf2025...but they have said in various places publicly that they're moving to ANNUAL releases, so it should be Cf2024.

/Charlie (troubleshooter, carehart. org)

D

Dave Watts

Community Expert

Well, this is kind of a major change that will almost certainly break all of your applications. So I wouldn't wait to find out whether they remove that flag in an update to CF 2023, or whether they wait for CF 2025 or whatever. Use the time you have now to fix your applications and remove the underlying security vulnerability of unscoped variables. It sounds like a pain, but better now than later.

Dave Watts, Eidolon LLC

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded